Skip to main content
Feedback

Supported SSH ciphers for MFT SFTP server

SSH2 algorithm enumeration

Key exchange algorithms (KEX) [7 total]

  • diffie-hellman-group14-sha1
  • diffie-hellman-group1-sha1
  • diffie-hellman-group-exchange-sha256
  • diffie-hellman-group-exchange-sha1
  • ecdh-sha2-nistp256
  • ecdh-sha2-nistp384
  • ecdh-sha2-nistp521

Server host key algorithms [1 total]

  • ssh-rsa

Encryption algorithms [13 total]

Counter mode (CTR) ciphers

  • aes256-ctr
  • aes192-ctr
  • aes128-ctr
  • 3des-ctr

Cipher block chaining (CBC) ciphers

  • aes256-cbc
  • aes192-cbc
  • aes128-cbc
  • 3des-cbc
  • blowfish-cbc
  • cast128-cbc

Stream ciphers

  • arcfour256
  • arcfour128
  • arcfour

Message authentication code (MAC) algorithms [10 total]

SHA-1 Based

  • hmac-sha1
  • hmac-sha1-96

MD5 Based

  • hmac-md5
  • hmac-md5-96

SHA-2 Based

  • hmac-sha2-256
  • hmac-sha2-512
  • hmac-sha2-256-96
  • hmac-sha2-512-96

RIPEMD Based

  • hmac-ripemd160
  • hmac-ripemd160-96

Compression Algorithms [1 total]

  • none (No compression)

Security recommendations

  • Prefer newer key exchange and MAC algorithms with SHA-2 variants
  • Avoid older algorithms like SHA-1 and MD5 when possible
  • Use AES-CTR or AES-CBC modes with 256-bit keys for enhanced security
  • Disable weak ciphers like arcfour and 3des if not required by legacy systems
note

Actual supported algorithms may vary based on specific server configuration and security policy.

On this Page